Cursor, Windsurf IDEs Expose 94 Chromium Flaws

Developers using the latest versions of Cursor and Windsurf IDEs face heightened risks, as both platforms expose users to over 94 known security flaws tied to outdated Chromium and V8 JavaScript components. These vulnerabilities, previously patched in their original frameworks, remain unaddressed in the IDEs, leaving systems open to possible exploitation.

Security researchers identified the issues as n-day vulnerabilities—flaws that have been disclosed and fixed elsewhere but linger in other software. The continued use of outdated Chromium builds within the Cursor Windsurf IDEs exposes developers and their environments to threats that should have been mitigated.

The presence of these known bugs raises concerns around software supply chain security and update management. Organizations relying on these development tools should evaluate their risk posture and consider immediate mitigation steps.

For a detailed breakdown of the vulnerabilities and potential impact, read the full article here:
https://www.bleepingcomputer.com/news/security/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities/